Simple Apex Controller with CRUD and FLS
This simple controller (without CRUD and FLS) ...
public with sharing class AccountController {
    @AuraEnabled
    public static List<Account> findAll() {
        return [SELECT Id, Name, Location__Latitude__s, Location__Longitude__s
                FROM Account
                WHERE Location__Latitude__s != NULL AND Location__Longitude__s != NULL
                LIMIT 50];
    }
}
... should be rewritten like this (With CRUD and FLS):
public with sharing class AccountController {
    @AuraEnabled
    public static List<Account> getAccounts() {
        String[] fields = new String[] {
            'Id',
            'Name',
            'Location__Latitude__s',
            'Location__Longitude__s'
        };
        Map<String, Schema.SObjectField> m = Schema.SObjectType.Account.fields.getMap();
        for (String field : fields) {
            // Check if the running user has permission to view the field (FLS)
            if (!m.get(field).getDescribe().isAccessible()) {
                throw new System.NoAccessException();
            }
        }
        return [SELECT Id, Name, Location__Latitude__s, Location__Longitude__s
                FROM Account
                WHERE Location__Latitude__s != NULL AND Location__Longitude__s != NULL
                LIMIT 50];
    }
}
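The second version above enforces FLS only; the "CRUD" half of the title (object-level read access) is never checked, and a misspelled field name would raise a NullPointerException instead of a clean access error. Below is an added example, not code from the gist, with a hypothetical `enforceReadAccess` helper that checks object-level access first, then each field, and fails closed on unknown fields:

```apex
public with sharing class SecureAccountController {

    // Hypothetical helper (not from the gist): enforce object-level read access
    // (CRUD) and then field-level read access (FLS) before any SOQL runs.
    private static void enforceReadAccess(Schema.DescribeSObjectResult objDescribe,
                                          List<String> fieldNames) {
        // CRUD: if the running user cannot read the object at all, stop here.
        if (!objDescribe.isAccessible()) {
            throw new System.NoAccessException();
        }
        Map<String, Schema.SObjectField> fieldMap = objDescribe.fields.getMap();
        for (String fieldName : fieldNames) {
            Schema.SObjectField f = fieldMap.get(fieldName);
            // FLS: a field that does not exist on the object, or that the user
            // cannot read, is treated the same way: deny, do not dereference null.
            if (f == null || !f.getDescribe().isAccessible()) {
                throw new System.NoAccessException();
            }
        }
    }

    @AuraEnabled
    public static List<Account> getAccounts() {
        enforceReadAccess(
            Schema.SObjectType.Account,
            new List<String>{ 'Id', 'Name', 'Location__Latitude__s', 'Location__Longitude__s' }
        );
        // Only reached when both the object and every selected field are readable.
        return [SELECT Id, Name, Location__Latitude__s, Location__Longitude__s
                FROM Account
                WHERE Location__Latitude__s != NULL AND Location__Longitude__s != NULL
                LIMIT 50];
    }
}
```

The same checks can also be pushed into the query with `WITH SECURITY_ENFORCED`, which makes the SOQL statement throw a `System.QueryException` when the user lacks access to the object or any selected field.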
forcemantis commented Mar 1, 2018

Jeff, should we also not check Schema.SObjectType.Account.isAccessible() either on line 28 or 39?

Doudouz-EITECH commented Aug 3, 2018

+1

rbenedetti commented Oct 9, 2019

If the field is accessible, so is the object.
